Cybersecurity review and improvement is essential for all organizations. Build and improve your cybersecurity program now. Cybercrime is a threat to every organization; attacks can be disabling and costly. Legal requirements exist now. Good cybersecurity is a part of good management, which helps organizations achieve their mission.
Simply put, good organization cybersecurity helps organizations do three main things:
- Protect from cybercrime
- Comply with legal requirements
- Better achieve the Mission through proper management and efficiency
To do this, we need to work on a number of interrelated things that relate to people, technology, information systems, and law. So we want to:
- Know and evaluate legal requirements (external rules)
- Build or improve internal rules (policies, procedures)
- Practice what we preach (do what the policy says we are supposed to do)
- Manage risks reasonably and effectively
- Manage information assets efficiently to accomplish the mission
- Continually improve.
Organizations should protect against the Three Priority Cybercrime Threats which are costly in time, money, and reputation:
- Data breaches – compromise of confidential data. This may require investigation and notification to government, clients, and customers, and may damage reputation.
- Ransomware – locks computer systems and data, making them unusable. The organization is extorted to pay a significant ransom to the cybercriminals to try to regain access to systems and data. This may also be a data breach.
- Theft of funds – large payments can be diverted and stolen. The funds may never be recovered and may not be insured. Litigation and other disruption ensue.
Organizations should comply with legal requirements.
- Be diligent and reasonable in plan and practice (not negligent or deficient).
- Protect the personal and private information they are entrusted with.
  - Including information belonging to customers, clients, patients, donors, and employees.
- Prevent, identify, and accurately report data breaches to government and affected parties.
- Comply with laws and regulations that impose specific cybersecurity requirements.
For example, New York’s recent SHIELD Act imposes a number of distinct obligations. Your state does too.
Organizations should manage information assets effectively to further the mission and business needs.
Many organizations have no cybersecurity plan. Many have not reached the point where their security can be described as “reasonable” or “diligent”. We can help improve your organization's security, compliance, and efficiency.
Cybersecurity Services - Review and Improve
Every organization -- no matter their starting point -- should continually review and improve their cybersecurity plan and posture. This means evaluating the cybersecurity program, written documentation, practices, evolving legal requirements, and the many threats.
Consider this checklist
- Does your organization have a plan in place? Consider the following plans and written governance documents:
  - Cybersecurity policy
  - Incident response plan
- Are your plans and documents excellent, or is there room for improvement? They should:
  - Help the organization achieve its mission
  - Comply with external rules (laws/regulations)
  - Draw from and point to helpful guidance and additional resources
  - Establish internal governance
  - Be readable, practical, and well-organized
  - Be reviewed periodically and updated as needed
  - Be understood and followed by all members of the organization
  - Consider my Five Components for Policy Work, and Four Pillars of Cybersecurity.
- Are all organization members trained on the documents, cybersecurity, and cybercrime threats?
- Is your organization following the plan properly and protecting itself and the data it is entrusted with?
We can help in many ways
Whether you are just getting started or already have some cybersecurity policies and procedures in place, our services can help your organization protect itself from cybercrime and comply with increasing legal requirements relating to cybersecurity and privacy. We have experience developing and improving programs and policies tailored for organizations of any size or type. Aided by insight into what allows most cybercrimes to occur, we can help organizations prevent incidents and build a cybersecurity program that withstands scrutiny. Organizations are empowered to better manage their information assets efficiently and securely.
Review and improve
- Existing written documentation
- Existing practices
- Existing training and knowledge
- Legal requirements
- Contractual obligations
- Cybersecurity practices and governance
- Help prevent a cybercrime or other incident
- Help ensure compliance with cybersecurity requirements
- Build or improve
- Cybersecurity documentation (internal rules)
- Written policies, standards, procedures, incident response plans
- Unwritten, verbal "policies" may not be worth the paper they are not printed on.
- Improve upon existing documents, create new documentation if needed
- Implement and train
No one plans to fail, but organizations sometimes fail to plan.
Get your cybersecurity plan in place, and then continually improve it.
Click the image or text to visit the contact form and send a message.
Provide enough information about yourself, organization, and needs to ensure a response (name, email, phone number, company name) but do not include confidential information.
John Bandler has unique expertise that spans law, technology, business, cybersecurity, investigation of cybercrime, writing, training, and speaking. He is licensed to practice law in NY, CT, and DC, and holds many certifications in cybersecurity, technology, and more. He is the author of two books and many articles, teaches at the law school, graduate, and undergraduate levels, and is an accomplished speaker. Previously John served the public as a prosecutor (where he investigated and prosecuted cybercrime among other offenses), state trooper, and military officer.
For more information about improving your organization, cybersecurity, and cybercrime, see:
- I offer other Services too
- Contact me to discuss your needs
- This site has a lot of reliable information, including:
- My pricing is appropriate to organization size, project and budget.
- I know that some organizations cannot afford to hire an expert yet. I have abundant resources on this site, including the above and:
This article is hosted at https://johnbandler.com/cybersecurity-services, copyright John Bandler, all rights reserved.